diff options
| author | Antoine Pitrou <solipsis@pitrou.net> | 2011-01-20 21:20:18 (GMT) |
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2011-01-20 21:20:18 (GMT) |
| commit | 8a0eede21de65f2d96c7e533e3c2aeca60a7859a (patch) | |
| tree | babcc40240337cb8c405723104d256583b9b302c | |
| parent | 7e8fbd2b7deb51999908ab0b4f61ac254a9cf81a (diff) | |
| download | cpython-8a0eede21de65f2d96c7e533e3c2aeca60a7859a.zip cpython-8a0eede21de65f2d96c7e533e3c2aeca60a7859a.tar.gz cpython-8a0eede21de65f2d96c7e533e3c2aeca60a7859a.tar.bz2 | |
Merged revisions 88131 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88131 | antoine.pitrou | 2011-01-20 22:07:24 +0100 (jeu., 20 janv. 2011) | 6 lines
Issue #10955: Fix a potential crash when trying to mmap() a file past its
length. Initial patch by Ross Lagerwall.
This fixes a regression introduced by r88022.
........
| -rw-r--r-- | Lib/test/test_mmap.py | 13 | ||||
| -rw-r--r-- | Misc/NEWS | 3 | ||||
| -rw-r--r-- | Modules/mmapmodule.c | 11 |
3 files changed, 27 insertions, 0 deletions
diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py index 20ec564..86dea1e 100644 --- a/Lib/test/test_mmap.py +++ b/Lib/test/test_mmap.py @@ -343,6 +343,19 @@ class MmapTests(unittest.TestCase): finally: mf.close() + def test_length_0_large_offset(self): + # Issue #10959: test mapping of a file by passing 0 for + # map length with a large offset doesn't cause a segfault. + if not hasattr(os, "stat"): + self.skipTest("needs os.stat") + + with open(TESTFN, "wb") as f: + f.write(115699 * b'm') # Arbitrary character + + with open(TESTFN, "w+b") as f: + self.assertRaises(ValueError, mmap.mmap, f.fileno(), 0, + offset=2147418112) + def test_move(self): # make move works everywhere (64-bit format problem earlier) f = open(TESTFN, 'w+') @@ -35,6 +35,9 @@ Core and Builtins Library ------- +- Issue #10955: Fix a potential crash when trying to mmap() a file past its + length. Initial patch by Ross Lagerwall. + - Issue #10898: Allow compiling the posix module when the C library defines a symbol named FSTAT. diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c index 0e91f2c..4b2a971 100644 --- a/Modules/mmapmodule.c +++ b/Modules/mmapmodule.c @@ -1164,6 +1164,11 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict) # endif if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) { if (map_size == 0) { + if (offset >= st.st_size) { + PyErr_SetString(PyExc_ValueError, + "mmap offset is greater than file size"); + return NULL; + } map_size = st.st_size - offset; } else if ((size_t)offset + (size_t)map_size > st.st_size) { PyErr_SetString(PyExc_ValueError, @@ -1346,6 +1351,12 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict) else m_obj->size = low; #endif + if (offset >= m_obj->size) { + PyErr_SetString(PyExc_ValueError, + "mmap offset is greater than file size"); + Py_DECREF(m_obj); + return NULL; + } m_obj->size -= offset; } else { m_obj->size = map_size; |